Thread-topic: [SA18696] FreeBSD SACK Handling Denial of Service
>
> TITLE:
> FreeBSD SACK Handling Denial of Service
>
> SECUNIA ADVISORY ID:
> SA18696
>
> VERIFY ADVISORY:
>
>
> CRITICAL:
> Moderately critical
>
> IMPACT:
> DoS
>
> WHERE:
> From remote
>
> OPERATING SYSTEM:
> FreeBSD 5.x
>
>
> DESCRIPTION:
> A vulnerability has been reported in FreeBSD, which can be exploited
> by malicious people to cause a DoS (Denial of Service).
>
> The vulnerability is caused due to an error in the SACK (Selective
> ACKnowledgement) handling and may result in an infinite loop when not
> enough memory is available to handle an incoming SACK. This can be
> exploited by opening up a TCP connection to a vulnerable system and
> sending a specially crafted series of TCP packets.
>
> Successful exploitation causes the TCP/IP stack to enter an infinite
> loop.
>
> SOLUTION:
> Update FreeBSD or apply patch.
>
> Fixed versions:
> 2006-01-24 01:16:18 UTC (RELENG_5, 5.4-STABLE)
> 2006-02-01 19:43:10 UTC (RELENG_5_4, 5.4-RELEASE-p11)
> 2006-02-01 19:43:36 UTC (RELENG_5_3, 5.3-RELEASE-p26)
>
> Patch for FreeBSD 5.3 and 5.4:
> ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-06:08/sack.patch
> ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-06:08/sack.patch.asc
>
> PROVIDED AND/OR DISCOVERED BY:
> The vendor credits Scott Wood.
>
> ORIGINAL ADVISORY:
> ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-0
> 6:08.sack.asc
>
